| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
All checksums have been double-checked against existing RMD160 and
SHA512 hashes
The following distfiles were unfetchable (possibly fetched
conditionally?):
./mail/qmail/distinfo netqmail-1.05-TAI-leapsecs.patch
|
|
Remove slang option, because slang support was removed.
2021-10-22 Richard Russon <rich@flatcap.org>
* Bug Fixes
- fix new mail notifications
- fix pattern compilation error for ~( !~>(~P) )
- fix menu display on window resize
- Stop batch mode emails with no argument or recipients
- Add sanitize call in print mailcap function
- fix `hdr_order` to use the longest match
- fix (un)setenv to not return an error with unset env vars
- fix Imap sync when closing a mailbox
- fix segfault on OpenBSD current
- sidebar: restore `sidebar_spoolfile` colour
- fix assert when displaying a file from the browser
- fix exec command in compose
- fix `check_stats` for Notmuch mailboxes
- Fallback: Open Notmuch database without config
- fix gui hook commands on startup
* Changed Config
- Re-enable `$ssl_force_tls`
* Translations
- 100% Serbian
- 100% Lithuanian
- 100% German
* Build
- Remove Slang from the build
- Warn about deprecated configure options
|
|
The native LDAP isn't compatible with the latest OpenLDAP that this package
expects. This really needs to be handled properly with an option but for
now this fixes the build and avoids inadvertently breaking anyone who
happens to be accidentally using LDAP support via builtin libraries.
|
|
its buildlink3.mk now includes openssl's buildlink3.mk
|
|
* Changes in release 0.8.5
Various changes to make it compile with newer g++ and libcrypto.
Manually parse /etc/resolv.conf, rather than attempting to make use of
the res data structure (which at least on OpenBSD no longer actually
contains the addresses of resolvers).
|
|
v3.4:
* t-prot, t-prot.1: Release as t-prot 3.4.
* t-prot, t-prot.1: Make documentation match Getopt::Long syntax:
e.g. -c=1 is not supported, use -c1 instead.
v3.3:
* t-prot: Release as version 3.3.
* t-prot: Removed trailing whitespace.
* t-prot: Small speedup: Run --pgp-short specific code only with
--pgp-short.
* t-prot: Fixed a bug with -Mmutt and pgp signed and encrypted
MIME/Multipart messages. Thanks to Axel Beckert for reporting!
v3.2:
* t-prot: Release as version 3.2.
* t-prot: Make bigq work when MS Tofu is detected with no text
above the quote, as with ZimbraWebClient.
* t-prot.1: Fix spelling error.
* t-prot.1: Update date string.
v3.1:
* t-prot: Release as t-prot v3.1.
* t-prot, t-prot.1: Support mutt-kz
(https://github.com/karelzak/mutt-kz) using -Mmutt-kz. Many
thanks to Hugo Roy for testing and reporting.
* t-prot: Unicode fix for MS Outlook.
v3.0:
* t-prot: After a very long testing phase, finally the version
update to 3.0.
* t-prot: Umlauts always are so wrong. Hopefully Outlook mails in
German are handled fine now.
* t-prot.1: Make clear that --pgp-move and --pgp-move-vrf also work
on SSL output.
* t-prot: Coding style cleanup in pgp().
* t-prot: Fix detection of unified diffs in the message body when
using --diff.
* t-prot.1: Update year.
* contrib/t-prot.sl: Reflect transition to slang2 in comments.
* contrib/t-prot.sl: Drop support for slang-1, default to slang-2.
* t-prot, contrib/muttrc.t-prot: Drop support for mutt-1.4. Default
to mutt-1.5.x strings.
* t-prot: Fix eYou Webmail Tofu.
* t-prot: Fix text/plain content-type detection with several user
agents.
v2.101:
* t-prot: Release as v2.101.
* t-prot: Add just another of mutt's decryption messages to the
list. This seems not to be translated yet, so no gettext() is
inserted this time.
v2.100:
* t-prot: Release as v2.100.
* t-prot: Add line to make -m filter Lotus Domino Webserver
produced TOFU.
* t-prot: Use uniform syntax notation for parameters in command
line options.
* t-prot.1: Use uniform syntax notation for parameters in command
line options.
v2.99:
* t-prot: Release as v2.99.
* t-prot, t-prot.1: New command line option --fixind to fix broken
quoting (regarding to RFC 3676). Perhaps this should not be
default, as there might be false positives if the message is
already quoted correctly. Quotes with this particular brokenness
are quite common, though. Patch by Simon Ruderich, many thanks.
* t-prot: Use index() instead of regex for $indent. Patch by Simon
Ruderich.
* t-prot: Revert new handling of empty lines at the beginning of
the body, as it removes lines where it should not.
* t-prot: Another bug with -c: Empty lines before the signature
were not handled properly. Patch by Simon Ruderich.
* t-prot: This causes -c1 to not create an empty line at the
beginning of the message if there were empty lines at the start
of the body. Patch by Simon Ruderich.
* t-prot, t-prot.1: Typos and documentation fixes regarding
$indent. Many thanks to Simon Ruderich.
v2.98:
* t-prot: Release as v2.98.
* t-prot.1: Clarify --lax-security description.
* t-prot: Use descriptive temp variable names when parsing command
line.
* t-prot.1: Mention configuration files for Heirloom mailx and
metamail. Avoid false impression with --lax-security.
* t-prot.1: Another Typo.
* t-prot.1: Fix spelling error. Thanks to Gerfried Fuchs!
v2.97:
* t-prot: Release as v2.97.
* t-prot, t-prot.1: Standard diff(1) output now is protected by
--diff, too. Many thanks to Martin Neitzel and Matthias Kilian.
v2.96:
* t-prot: Release as v2.96.
* t-prot: Allow -o /dev/null without bitching around.
* t-prot.1: Give some emergency help how to write to /dev/null. You
never know.
* t-prot.1: Remove repetition.
* t-prot: More syntax help fixes.
* t-prot.1: Update date string.
* t-prot.1: Fix --version description.
* t-prot.1: More syntax fixes.
* t-prot.1: Change option order for footer options.
* t-prot.1: More grouping: Footers.
* t-prot.1: Fix typo.
* t-prot, t-prot.1: Special output to "NONE" is not required. You
can use /dev/null.
* t-prot.1: Improve word flow.
* t-prot.1: Fix -i and -o syntax.
* t-prot.1: Improve MIME handling description.
* t-prot.1: Explain grouping of options and what happens if none
are specified. Be specific how MIME is handled.
* contrib/: mailcap.t-prot, nailrc.t-prot: New files: configuration
samples for metamail and Heirloom mailx (a.k.a. nail). Many
thanks to Martin Neitzel!
* t-prot.1: Fix -S syntax.
* t-prot: Fix -S syntax help.
* t-prot.1: Group options by meaning, rather than alphabetically.
Thanks to Martin Neitzel for suggesting.
* t-prot: Fix --help output order.
* t-prot: Fix -c syntax in --help, too.
* t-prot.1: Precisify wording for --ms-smart.
* t-prot.1: Be a little more specific as to what --ms-smart really
does.
* t-prot.1: Specify more clearly what locale to specify with
--locale. Thanks to Martin Neitzel for suggesting.
* t-prot.1: Fix -c syntax help.
* t-prot: Fix bad typo. Thanks to Martin Neitzel.
v2.95:
* t-prot: Big changes, we step a great deal towards the next major
version number. Release as v2.95.
* t-prot: Since Getopt::Mixed would break existing configurations
with the new -c command line switch behaviour, the migration to
Getopt::Long has been finished by now: This commit merges the big
bad Getopt::Long patch. Hope the performance issue does not turn
out to be too grave. Thanks to everyone for testing and providing
feedback.
* t-prot, t-prot.1, contrib/muttrc.t-prot, contrib/t-prot.sl: The
command line option -c now accepts an optional parameter
specifying the number of empty lines to remain. Thanks to Simon
Ruderich.
|
|
LibPST 0.6.76 (2021-03-27)
* Stuart C. Naifeh - fix rfc2231 encoding when saving messages
to both .eml and .msg formats.
|
|
* 2016-09-22: version 1.37
- added initial test suite
- testing using travis-ci (https://travis-ci.org/schweikert/postgrey)
- removed IP pool-detection code for --lookup-by-net, because it matched
also the naming of some big hosters like facebook (#32, Michal Petrucha,
Andrew Ayer, Jon Sailor)
- fix early logging of errors and warnings to syslog
- simplified IP matching code
- added support for IPv6 whitelists with netmask
- add network-range based whitelist for Office 365 (Holger Stember)
- updated whitelist
|
|
|
|
IMAPFilter 2.7.5 - 5 Dec 2020
- New "hostnames" option can be used to disable hostname validation.
- Bug fix; "certificates" option incorrectly controlled hostname validation.
|
|
v7.3.4 (2021-08-03)
Fixes
- folder: IMAP: fix issue when the response of searchforheaders is
the same UID multiple times. [Nicolas Sebrecht]
- Fix hooks for IDLE sync. [Reto Schnyder]
- Changed wrong comparison equal. [Rodolfo García Peñas (kix)]
- Comparison error. [Rodolfo García Peñas (kix)]
- remove outdated links to travis. [Nicolas Sebrecht]
- ui init is lintian clean. [Rodolfo García Peñas (kix)]
- Require the minimal dependencies in python package. [Martin Di Paola]
Changes
- README: update regarding the offlineimap3 fork. [Nicolas Sebrecht]
- redirect the users to offlineimap3. [Nicolas Sebrecht]
- threadutil imports not used. [Rodolfo García Peñas (kix)]
- Move out pkg attributes from __init__.py. [Martin Di Paola]
v7.3.3 (2020-04-11)
Features
- export env. variables when running account hooks. [Frank LENORMAND]
Fixes
- Fix stale gss api authentication security context. [Herton R. Krzesinski]
- Handle [ALREADYEXISTS] and Mailbox already exists!. [Chris Coleman]
Changes
- exec() the tunnel command. [martin f. krafft]
v7.3.2 (2019-12-17)
Fixes
- Revert "fix check for unsupported sep character". [Nicolas Sebrecht]
- Fixing the Arch Linux name. [Jaroslav Lichtblau]
v7.3.1 (2019-12-15)
Features
- Additional address for sysloghandler to handle mac. [Chris Coutinho]
- Added financial contributors to the README. [Jess]
- Introduce FUNDING.yml for opencollective. [Nicolas Sebrecht]
Fixes
- Fix check for unsupported sep character. [Nicolas Sebrecht]
- Contrib: use yaml.safe_load() instead of load(). [Nicolas Sebrecht]
- Ensure python2 in the release workflow. [Nicolas Sebrecht]
- Make docs: ensure py2 when running sphinx. [Nicolas Sebrecht]
Changes
- Update README.md. [Chris Coleman]
v7.3.0 (2019-08-19)
Features
- Implement Happy Eyeballs. [Olivier Mehani]
- imaplib2 v2.101. [Nicolas Sebrecht]
- imaplib2 v2.100. [Nicolas Sebrecht]
Changes
- Update readme to give an hint about Linux distros. [Dario Maiocchi]
- travis: remove python3.6. [Nicolas Sebrecht]
- README: add required dependency to rfc6555. [Nicolas Sebrecht]
imaplib2
- Do not use TIMEOUT_MAX for Condition.wait(). [Ilias Tsitsimpis]
- Use SSLContext if available so we send SNI. [Julien Cristau]
- Don't expect trailing space on command completion. [Ben Cotterell]
v7.2.4 (2019-06-08)
Features
- mkdir -p alike folder creation. [Kyle Altendorf]
Fixes
- Use portable locker to support cygwin in Windows. [kimim]
- contrib/release.py: don't break if sphinx-build is missing. [Nicolas Sebrecht]
Changes
- Update FSF postal address. [Jelmer Vernooij]
- repository/IMAP: update copyright header date. [Nicolas Sebrecht]
- PULL_REQUEST_TEMPLATE: add space between brackets to enable the edition
in the gui. [Nicolas Sebrecht]
|
|
- limit maildir nesting depth
- enable embedding arbitrarily long strings into IMAP commands
- CVE-2021-3578: fix handling of unexpected APPENDUID response code
- don't crash on malformed CAPABILITY responses
- tolerate INBOX mis-casing in Path
- make UIDVALIDITY recovery more strict about vanished messages
- improve error messages about irrecoverably changed UIDVALIDITY
- CVE-2021-20247: reject funny mailbox names from IMAP LIST/LSUB
- be more tolerant of formally malformed response codes
- fix bogus continuation of IMAP list parsing
- accept unsolicited FETCH responses (without payload) after all
- use correct <poll.h> header
|
|
0.90: minor cleanups
- Update various regular expressions to not break under a future
Perl 5.30 release
- Use a .sieve filename extension for temporary files, to assist
text-editors with mode selection.
|
|
This fixes the STARTTLS-related crash bugs mentioned here:
https://nostarttls.secvuln.info/
* Balsa-2.6.3 release. Release date 2021-08-18
- Improve Autocrypt-related error messages.
- Improvements to communication with GnuPG key servers.
- Create standard-compatible HTML messages.
- Implement sender-dependent HTML message preferences.
- Reuse HTTP connections when rendering HTML messages.
- Do not send empty Reply-To, Cc, etc headers.
- More robust IMAP parser and response handling.
- Code cleanups, platform-dependent build fixes
|
|
pkgsrc changes and notes:
- According to the release notes, this fixes CVE-2021-38370 by
Damian Poddebniak.
- I have added the maildir patch, as FreeBSD does, because it seems
useful.
- I have removed the non-trivial patch for OpenBSD, because going by
OpenBSD's ports repository it's no longer necessary at all.
Version 2.25 includes several new features and bug fixes.
Additions include:
* Unix Alpine: New configuration variable ssl-ciphers that allows users
to list the ciphers to use when connecting to a SSL server. Based on a
collaboration with Professor Martin Trusler.
* New hidden feature enable-delete-before-writing to add support for
terminals that need lines to be deleted before being written. Based on
a collaboration with Professor Martin Trusler.
* Experimental: The instruction to remove the double quotes from the
processing of customized headers existed in pine, but it was removed
in alpine. Restoring old Alpine behavior. See this
* Add the capability to record http debug. This is necessary to debug
XOAUTH2 authentication, and records sensitive login information. Do
not share your debug file if you use this form of debug.
* Remove the ability to choose between the device and authorize methods
to login to outlook, since the original client-id can only be used for
the device method. One needs a special client-id and client-secret to
use the authorize method in Outlook.
* PC-Alpine only: Some service providers produce access tokens that are
too long to save in the Windows Credentials, so the access tokens will
be split and saved as several pieces. This means that old versions of
Alpine will NOT be able to use saved passwords once this new version
of Alpine is used.
* PC-Alpine: Debug files used to be created with extension .txt1, .txt2,
etc. Rename those files so that they have extension .txt.
* Always follow â**suppress-asterisks-in-password-promptâ** setting in
the various password prompts. Submitted by Étienne Deparis.
* Use 'alpine -F' instead of 'pine -F' as the browser default pager.
Submitted by Étienne Deparis.
* Introduction of OTHER CMDS menu for the browser/pilot to let people
discover the two new commands: "1" is a toggle that switches between 1
column and multicolumn mode. The "." command toggles between hiding or
showing hidden files, and the "G" command to travel between
directories. Contributed by Étienne Deparis.
* Add option -xoauth2-flow to the command line, so that users can
specify the parameters to set up an xoauth2 connection through the
command line.
* Alpine deletes, from its internal memory and external cache, passwords
that do not work, even if they were saved by the user.
* New format for saving passwords in the windows credential manager for
PC-Alpine. Upon starting this new version of Alpine the passwords
saved in the credential manager are converted to the new format and
they will not be recognized by old versions of Alpine, but only by
this and newer versions of Alpine.
* Enabled encryption protocols in PC-Alpine are based on those enabled
in the system, unless one is specified directly.
Bugs that have been addressed include:
* The c-client library parses information from an IMAP server during
non-authenticated state which could lead to denial of service.
Reported by Damian Poddebniak from Münster University of Applied
Sciences.
* Memory corruption when alpine searches for a string that is an
incomplete utf8 string in a local folder. This could happen by
chopping a string to make it fit a buffer without regard to its
content. We fix the string so that chopping it does not damage it.
Reported by Andrew.
* Crash in the ntlm authenticator when the user name does not include a
domain. Reported and fixed by Anders Skargren.
* When forwarding a message, replacing an attachment might make Alpine
re-attach the original attachment. Reported by Michael Traxler.
* When an attachment is deleted, the saved message with the deleted
attachment contains extra null characters after the end of the
attachment boundary.
* Tcp and http debug information is not printed unless the default debug
level is set to 1. Print this if requested, regardless of what the
default debug level is.
* When trying to select a folder for saving a message, one can only
enter a subfolder by pressing the ">" command, rather than the normal
navigation by pressing "Return". Reported by Ulf-Dietrich Braunmann.
* Crash when attempting to remove a configuration for a XOAUTH2 server
that has no usernames configured.
* Crash caused by saving (and resaving) XOAUTH2 refresh and access
tokens in PC-Alpine. Reported by Karl Lindauer.
|
|
Added:
-Add forward mail option
-Add url_launcher config setting
-Add add_addresses_to_contacts command
-Add show_date_in_my_timezone pager config flag
-docs: add pager filter documentation
-mail/view: respect per-folder/account pager filter override
-pager: add filter command, esc to clear filter
-Show compile time features in with command argument
Fixed:
-melib/email/address: quote display_name if it contains ","
-melib/smtp: fix Cc and Bcc ignored when sending mail
-melib/email/address: quote display_name if it contains "."
|
|
* Security
- Fix CVE-2021-32055
* Features
- threads: implement the `$use_threads` feature
https://neomutt.org/feature/use-threads
- hooks: allow a -noregex param to folder and mbox hooks
- mailing lists: implement list-(un)subscribe using RFC2369 headers
- mailcap: implement x-neomutt-nowrap flag
- pager: add `$local_date_header` option
- imap, smtp: add support for authenticating using XOAUTH2
- Allow `<sync-mailbox`> to fail quietly
- imap: speed up server-side searches
- pager: improve skip-quoted and skip-headers
- notmuch: open database with user's configuration
- notmuch: implement `<vfolder-window-reset>`
- config: allow += modification of my_ variables
- notmuch: tolerate file renames behind neomutt's back
- pager: implement `$pager_read_delay`
- notmuch: validate `nm_query_window_timebase`
- notmuch: make $nm_record work in non-notmuch mailboxes
- compose: add `$greeting` - a welcome message on top of emails
- notmuch: show additional mail in query windows
* Changed Config
- Renamed lots of config, e.g. `askbcc` to `ask_bcc`.
* Bug Fixes
- imap: fix crash on external IMAP events
- notmuch: handle missing libnotmuch version bumps
- imap: add sanity check for qresync
- notmuch: allow windows with 0 duration
- index: fix index selection on `<collapse-all>`
- imap: fix crash when sync'ing labels
- search: fix searching by Message-Id in `<mark-message>`
- threads: fix double sorting of threads
- stats: don't check mailbox stats unless told
- alias: fix crash on empty query
- pager: honor mid-message config changes
- mailbox: don't propagate read-only state across reopens
- hcache: fix caching new labels in the header cache
- crypto: set invalidity flags for gpgme/smime keys
- notmuch: fix parsing of multiple `type=`
- notmuch: validate $nm_default_url
- messages: avoid unnecessary opening of messages
- imap: fix seqset iterator when it ends in a comma
- build: refuse to build without pcre2 when pcre2 is linked in ncurses
* Translation updates
|
|
|
|
|
|
|
|
|
|
If this is here, the build on NetBSD breaks with
In file included from gmime-filter-reply.c:21:
gmime-filter-reply.h:22:10: fatal error: gmime/gmime-filter.h: No such file or directory
22 | #include <gmime/gmime-filter.h>
| ^~~~~~~~~~~~~~~~~~~~~~
compilation terminated.
after
Checking for available C compiler warning flags...
-Wall -Wextra -Wwrite-strings -Wmissing-declarations
./configure: perl_absolute: parameter not set
./configure: perl_absolute: parameter not set
Disable test target as well.
|
|
Fix a build issue on SunOS (or likely any host that is already running a
gpg-agent which confuses the gpgme configure tests), and fix test target.
Notmuch 0.33.2 (2021-09-30)
===========================
Tests
-----
Improve reliability of T355-smime by changing gpgsm initialization.
|
|
Fixes various behaviour due to not correctly detecting GNU iconv during
configure. Test suite is now clean. Bump PKGREVISION.
|
|
|
|
2021-02-05 Richard Russon <rich@flatcap.org>
* Features
- Add <skip-headers> to skip past message headers in pager
- Add <view-pager> function to attachment menu
* Bug Fixes
- Fix detection of mbox files with new mail
- Fix crash on collapsed thread
- Fix group-chat-reply
- Clear the message window on resize
- Do not crash on return from shell-exec if there's no open mailbox
- Abort IMAP open if condstore/qresync updates fetch fails
- Fix smtp crash on invalid $smtp_authenticators list
- Fix pager dropped input on screen resize
- Fix mime forwarding
- Check config after hooks
- Always recreate a mailbox after folder-hook
* Translations
- 88% Slovakian
* Docs
- Adjust doc to explicitly mention $count_alternative
- Restore correct "$sort_re" documentation
- Clarify pattern completion
- Man pages: Clear up "-H" and "-O"
* Build
- Update to latest acutest
- Update to latest autosetup
- Make the location of /tmp configurable
|
|
|
|
|
|
inetd-like mail servers.
smtpd-starttls-proxy is a chainloading program that runs right before
the SMTP server on your command line. It interposes itself between the
client commands and the server, and implements STARTTLS on behalf of
the server.
|
|
3.2021.0901 (2021-09-01)
* Updated the Apache and IANA media registry entries as of release date.
* Added file extension for WebVTT text format. #46.
|
|
|
|
Notmuch 0.33.1 (2021-09-10)
===========================
General
-------
Replace the fully-qualified-domain-name of the host with "localhost"
in the default email address. This should fix two flaky subtests in
T590-libconfig.
|
|
This is a bug-fix release, fixing some of the fixes in last release. IMAP
users (and especially QRESYNC users) are again advised to upgrade.
|
|
This moves the configuration files for Roundcube plug-ins to $PKG_SYSCONFDIR,
where they should belong instead of $RC_DIR/$PLUGIN_DIR.
This works without any further patches, because Roundcube falls back to
RCUBE_CONFIG_DIR.'/'.$this->ID . '.inc.php' for plug-ins basically.
Bumps PKGREVISION for the plug-ins using ../../mail/roundcube/plugins.mk
(enigma, password, and zipdownload).
Tested on NetBSD/amd64.
OK taca@
|
|
|
|
meli aims for configurability and extensibility with sane defaults.
It seeks to be a mail client for both new and power users of the terminal, but
built today.
A variety of email workflows and software stacks should be usable with meli.
Integrate e-mail storage, sync, tagging system, SMTP client, contact management
and editor of your choice to replace the defaults.
features:
-email threads
-multithreaded
-embed your own editor
-plain text configuration
-multi-tasking with UI tabs
-IMAP, Maildir, notmuch, JMAP, mbox
-optional sqlite3 index search
-fast and minimal account configuration
-contact list (+read-only vCard support)
-forced UTF-8 - other encodings are read-only
|
|
1.0.11 (2021-09-05)
* Fix PHP 8.1: strlen(): Passing null to parameter #1 ($string) of type
string is deprecated [alec]
* Fix encoding recipient names with @ character and no space between name
and address [alec]
* Fix the license label in composer.json [jnkowa-gfk]
|
|
Changelog:
Library
-------
Correct documentatation about transactions.
Add a configurable automatic commit of transactions. See
`database.autocommit` in notmuch-config(1).
Document the algorithm used to find a database.
CLI
---
Define format version 5, which supports sorting the output of
notmuch-show.
Emacs
-----
`notmuch` no longer sets `mail-user-agent` on load. To restore the
previous behaviour of using notmuch to send mail by default, customize
`mail-user-agent` to `notmuch-user-agent`.
`notmuch-company` now works in `org-msg`.
Improve the display of messages from long threads in unthreaded mode.
Prefer email addresses over User ID when showing valid signatures.
Define a new face `notmuch-jump-key`.
New commands in notmuch-tree view: `notmuch-tree-filter` and
`notmuch-tree-filter-by-tag`.
Honour `notmuch-show-text/html-blocked-images` when using `w3m` to
render html.
Support toggling sort order in notmuch-tree mode.
Ruby
----
Memory management of allocated notmuch objects (database, messages,
etc...) is now done via the Ruby GC. This removes all constraints on
the order of object destruction. Database close and destroy are
split, following an old library API change.
Vim
---
Respect excluded tags when showing a thread.
Documentation
-------------
Fix doc build for Sphinx 4.0.
Improve the markup and linking of the documentation.
|
|
3.2021.0704 (2021-07-04)
* Updated the Apache and IANA media registry entries as of release date.
|
|
This takes advantage of the introduction of the SYSCONFBASE variable.
Tested on NetBSD/amd64.
ok adam@
Bumps PKGREVISION.
|
|
|
|
This takes advantage of the introduction of the SYSCONFBASE variable.
Tested on NetBSD/amd64.
Bumps PKGREVISION.
|
|
|
|
upstream changes:
-----------------
fetchmail-6.4.21 (released 2021-08-09, 30042 LoC):
# REGRESSION FIX:
* The new security fix in 6.4.20 for CVE-2021-36386 caused truncation of
messages logged to buffered outputs, predominantly --logfile.
This also caused lines in the logfile to run into one another because
the fragment containing the '\n' line-end character was usually lost.
Reason is that on all modern systems (with <stdarg.h> header and vsnprintf()
interface), the length of log message fragments was added up twice, so
that these ended too deep into a freshly allocated buffer, after the '\0'
byte. Unbuffered outputs flushed the fragments right away, which masked the
bug.
Reported by: Jürgen Edner, Erik Christiansen.
--------------------------------------------------------------------------------
fetchmail-6.4.20 (released 2021-07-28, 30042 LoC):
# SECURITY FIX:
* When a log message exceeds c. 2 kByte in size, for instance, with very long
header contents, and depending on verbosity option, fetchmail can crash or
misreport each first log message that requires a buffer reallocation.
fetchmail then reallocates memory and re-runs vsnprintf() without another
call to va_start(), so it reads garbage. The exact impact depends on
many factors around the compiler and operating system configurations used and
the implementation details of the stdarg.h interfaces of the two functions
mentioned before. To fix CVE-2021-36386.
Reported by Christian Herdtweck of Intra2net AG, Tübingen, Germany.
He also offered a patch, which I could not take for fetchmail 6.4 because
it required a C99 system and I'd promised earlier that 6.4 would remain
compatible with C89 systems.
|
|
This is an important bug-fix release, fixing a potential data-loss IMAP bug.
IMAP users are strongly advised to upgrade.
|
|
|
|
|
|
|
|
Changelog:
Notmuch 0.32.3 (2021-08-17)
===========================
Library
-------
Restore location of database via `MAILDIR` environment variable, which
was broken in 0.32.
Bump libnotmuch minor version to match the documentation in
`notmuch.h`.
Correct documentation for deprecated database opening functions to
point out that they (still) do not load configuration information.
CLI
---
Restore "notmuch config get built_with.*", which was broken in 0.32.
|
|
Update Ruby on Rails 6.1 pacakges to 6.1.4.1.
Real changes are in Action Pack (www/ruby-actionpack61).
## Rails 6.1.4.1 (August 19, 2021) ##
* [CVE-2021-22942] Fix possible open redirect in Host Authorization middleware.
Specially crafted "X-Forwarded-Host" headers in combination with certain
"allowed host" formats can cause the Host Authorization middleware in Action
Pack to redirect users to a malicious website.
|
